The most interesting things I learned at HOPE X

I attended 2600’s Hackers on Planet Earth (HOPE) conference this past weekend at the Hotel Pennsylvania. This is my third time going – and their tenth time running it since 1994. This was an especially great year with a big turnout, not only because it was the tenth anniversary, but also because big names like Ellsberg and Snowden spoke there, the latter via video conference. The biggest talks were so packed that not only was it standing-room-only in the main halls, but the overflow rooms were too. Here are a few things I learned.

Black-bag cryptanalysis is the name given to burglary via some trojan horse installed on a target device (or a device to which the target is connected). In the case of a mobile phone, it could mean an attack via some spoofed charger that is used to get malware onto your phone or your apps. Think about that the next time you plug your iPhone into a hotel’s alarm/speaker kit. This is why, with newer releases of iOS, you’ll notice a “Trust the currently connected computer?” alert every time you plug it into something that is asking for full data.

There are numerous backdoors and potential surveillance loopholes on iOS, like the packet scanner, pcapd, which runs by default on all devices. It is said that perhaps these are for diagnostics and trouble-shooting purposes, but the author took a different view and wrote it all up in a paper and a talk.

There was a funny “How to Rickroll the Chromecast” talk. The idea is to deauth the existing WiFi connection on a Chromecast and let it become its own hotspot to which your rogue device sends commands (the, *ahem*, Rickmote Controller). Then have it play Astley’s ‘Never Gonna Give You Up’ video. The whole prank is a great hat tip to Wozniak’s TV jammer box.

PGP is still too hard for normal people, and probably so are other types of connections beyond just “am I connected via HTTPS?”. When Snowden was trying to communicate with Glenn Greenwald, Glenn couldn’t figure out how to read the encrypted email. So, of course, Snowden made a HOWTO video.

IMSI-catchers are probably more numerous around the world than one thinks. An IMSI-catcher allows for a man-in-the-middle attack by essentially acting as a fake mobile tower. It not only allows one to log IMSI numbers as they go by (and how many times one is in the area), but also to force a mobile phone connected to it to make calls without encryption (thereby allowing one to record the raw audio). In fact, I just realized that the femtocell that I have at home to give me more bars on AT&T has an IMSI whitelist to let only known phones on. It no doubt easily knows everyone else that’s in the room at any time too.

We are at an intersection of two languages: legalese and technology. And if you’re going to “poke the bear” (either play around in or work in this space), you’d better understand both full well. A lot of the big talks weren’t too technical in nature but actually touched more upon the language and interpretation of law. What is privacy? Which things are private and which aren’t, and who should say what is and what isn’t?